An entity subject to or regulated by federal laws, rules, regulations, procedures, or guidance on data breach notification established or enforced by the federal government is exempt from this chapter as long as the entity does all of the following:
(1) Maintains procedures pursuant to those laws, rules, regulations, procedures, or guidance.
(2) Provides notice to affected individuals pursuant to those laws, rules, regulations, procedures, or guidance.
(3) Timely provides a copy of the notice to the Attorney General when the number of individuals the entity notified exceeds 1,000.
Structure Code of Alabama
Title 8 - Commercial Law and Consumer Protection.
Chapter 38 - Data Breach Notification Act of 2018.
Section 8-38-3 - Reasonable Security Measures; Assessment.
Section 8-38-4 - Investigation of Security Breach.
Section 8-38-5 - Notice of Security Breach - Individuals Affected.
Section 8-38-6 - Notice of Security Breach - Attorney General.
Section 8-38-7 - Notice of Security Breach - Consumer Reporting Agencies.
Section 8-38-8 - Notice of Security Breach - Covered Entity.
Section 8-38-9 - Violations of Notification Requirements.
Section 8-38-10 - Disposal of Records Containing Sensitive Personally Identifying Information.